Specify AD users that require multi-factor authentication

Specify the Active Directory users that require multi-factor authentication.

This parameter is only for autozone and classic zone.

By default no Active Directory user require multi-factor authentication. When you specify one or more users in this parameter, the users specified will require multi-factor authentication.

You specify users by name or you can list the user names in a file. The user name can be specified in any of the following formats:
- sAMAccountName
- [email protected]
(specify the domain if the account is not in the current domain)
- distinguishedName
- canonicalName
- *
(this includes all AD users)

If a name contains space characters, you can put the name in double quotes or escape the space characters using backslashes:
e.g. "Krusty T. Clowns", Jane\ Doe

You can enter the list of users separated by comma, for example:
joe, janedoe, user1, [email protected]

You can also use a file to specify users. In the file, enter each name line by line. You can mix name formats, for example:
[email protected]

This policy modifies the adclient.legacyzone.mfa.required.users setting in the Centrify DirectControl configuration file.

Supported on:


Administrative Templates (Computers)

Administrative Templates (Users)